Shiny proxy

Installation on debian

DOCKER

apt-get update
apt-get install ca-certificates curl
install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc
chmod a+r /etc/apt/keyrings/docker.asc

# Add the repository to Apt sources:
echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian \
  $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
   tee /etc/apt/sources.list.d/docker.list > /dev/null
apt-get update

apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
chmod 666 /var/run/docker.sock

NGINX

apt install nginx certbot python3-certbot-nginx
certbot --nginx

server {
        server_name   datathon.libredatahub.org;
        location /actuator/prometheus {
                proxy_pass http://127.0.0.1:9093$request_uri;
        }
        location /prometheus/node-exporter {
                proxy_pass http://127.0.0.1:9100/metrics;
        }
        location /prometheus/cadvisor {
                proxy_pass http://127.0.0.1:8085/metrics;
        }
        location / {
            proxy_pass http://127.0.0.1:8083$request_uri;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_read_timeout 20d;
            proxy_buffering off;
            proxy_redirect    off;
            proxy_set_header  Host             $http_host;
            proxy_set_header  X-Real-IP        $remote_addr;
            proxy_set_header  X-Forwarded-For  $proxy_add_x_forwarded_for;
            proxy_set_header  X-Forwarded-Proto $scheme;
            client_max_body_size 2G;
            proxy_hide_header X-Frame-Options;
        }
        access_log            /var/log/nginx/shinyproxy.access.log;
        error_log             /var/log/nginx/shinyproxy.error.log error;
}

SHINY-PROXY

mkdir /shinyproxy && cd /shinyproxy
git clone https://framagit.org/interhop/libre-data-hub/datathon.git

.env file:

SSO_DOMAIN=
SSO_REALM=
SSO_CLIENT_ID=
SSO_CLIENT_SECRET=

docker equivalent to the docker compose

docker network create shiny-proxy-net
docker run --name shinyproxy-test -d -v /var/run/docker.sock:/var/run/docker.sock:ro --group-add $(getent group docker | cut -d: -f3) --net shiny-proxy-net -p 8083:8080 shinyproxy:latest

Keycloak

• create a client
• check authentication
• root = my-domain.org
• create a mapper for groups

Build/Push images

docker login -u interhop registry-1.docker.io
docker buildx build -t interhop/datathon2024-rstudio:1.0.0 -f Dockerfile.rstudio . --push
docker buildx build -t interhop/datathon2024-jupyter:1.0.0 -f Dockerfile.jupyter . --push
docker buildx build -t interhop/datathon2024-schemaspy:1.0.0 -f Dockerfile.schemaspy . --push

Gotcha cloudbeaver

• must specify rootURI
• anonymous does not access db by default
• admin can give access, but it saved in the db ; no way to save in conf files
• so in initial-data.conf, we set user (includes anonymous) role admin
• BTW weird bug we had to add permission and permissions in the conf